General
-
Target
2eef2757_by_Libranalysis
-
Size
1.1MB
-
Sample
210503-7ssxxlyjxx
-
MD5
2eef27576ba66a0aa6c3cac328aa9afe
-
SHA1
68977bc0319cd5bc3f32f505f35c663798b5a8a7
-
SHA256
225c460dc6f080da60943e84ce4ad24d7d078e39c8f3d66bdae1830ae6c3742f
-
SHA512
365c7a04c6091b888c7f6c186a08732d535d990003885c16f32fcf46488e1846d056b2fc2c9d1ea726f73f05f20cef716b48bb2a0f157211be862783cf43d1a6
Static task
static1
Behavioral task
behavioral1
Sample
2eef2757_by_Libranalysis.exe
Resource
win7v20210410
Malware Config
Extracted
formbook
4.1
http://www.joomlas123.info/3nop/
bakecakesandmore.com
shenglisuoye.com
chinapopfactory.com
ynlrhd.com
liqourforyou.com
leonqamil.com
meccafon.com
online-marketing-strategie.biz
rbfxi.com
frseyb.info
leyu91.com
hotsmail.today
beepot.tech
dunaemmetmobility.com
sixpenceworkshop.com
incrediblefavorcoaching.com
pofo.info
yanshudaili.com
yellowbrickwedding.com
paintpartyblueprint.com
capricorn1967.com
meucarrapicho.com
41230793.net
yoghurtberry.com
wv0uoagz0yr.biz
yfjbupes.com
mindfulinthemadness.com
deloslifesciences.com
adokristal.com
vandergardetuinmeubelshop.com
janewagtus.com
cloudmorning.com
foresteryt01.com
accident-law-yer.info
divorcerefinance.guru
wenxiban.com
589man.com
rockerdwe.com
duftkerzen.info
igametalent.com
yoursafetraffictoupdates.review
jialingjiangpubu.com
maximscrapbooking.com
20sf.info
shadowlandswitchery.com
pmbnc.info
shoppingdrift.online
potashdragon.com
ubkswmpes.com
064ewj.info
rewsales.com
dealsforyou.tech
ziruixu.com
naehascloud.com
smokvape.faith
sunflowermoonstudio.com
stepgentertainment.com
tawbj.info
besthappybuds.net
koohshoping.com
ajikrentcarsurabaya.com
jkjohnsroofingfl.com
whatsnexttnd.com
yoyodvd.com
Targets
-
-
Target
2eef2757_by_Libranalysis
-
Size
1.1MB
-
MD5
2eef27576ba66a0aa6c3cac328aa9afe
-
SHA1
68977bc0319cd5bc3f32f505f35c663798b5a8a7
-
SHA256
225c460dc6f080da60943e84ce4ad24d7d078e39c8f3d66bdae1830ae6c3742f
-
SHA512
365c7a04c6091b888c7f6c186a08732d535d990003885c16f32fcf46488e1846d056b2fc2c9d1ea726f73f05f20cef716b48bb2a0f157211be862783cf43d1a6
-
Formbook Payload
-
Adds policy Run key to start application
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Suspicious use of SetThreadContext
-